Home › Forums › BulletProof Security Pro › Exploit Found – composer.phar
- This topic has 5 replies, 2 voices, and was last updated 5 months, 2 weeks ago by AITpro Admin.
-
AuthorPosts
-
IanParticipant
Hi,
Bulletproof has not reported or quarantined this file but our webost scanner is reporting that composer.phar is malware.
Exploit Found – php.sh.dev.null
Any ideas on what I should do please?
the location reported is
***********************.com/public_html/wp-content/bps-backup/autorestore/wp-content/upgrade-temp-backup/plugins/sunshine-digital-downloads/vendor/grandt/relativepath/composer.phar
IanParticipantHi,
It’s not blocking anything, it appears to have not detected the file is damgerous, well dangerous according to the web hosting virus scanner.
Thanks,
AITpro AdminKeymastercomposer.phar is the name of a php archive file for Composer > https://getcomposer.org/doc/00-intro.md. Sunshine Digital Downloads appears to be an add-on for the Sunshine Photo Cart plugin. The reason I am explaining this is that composer.phar is usually installed in a protected server folder like /bin. It should not be in a plugins folder. So my guess is either the Sunshine Photo Cart is a hacker plugin/nullled plugin or the Sunshine Photo Cart plugin comes with the composer.phar file to declare additional libraries.
It is quite possible the composer.phar file is a hacker file and it has been modified.
To delete the composer.phar file from AutoRestore backup > go to BPS Pro > AutoRestore > under wp-content Files > click the Delete Backup Files button > then click the Backup Files button.
AITpro AdminKeymasterI think WPSunshine is using Composer to install their add-on plugins. For reference > here is an example tutorial on how to do that > https://support.platform.sh/hc/en-us/community/posts/16439679495314
IanParticipantHi,
The developer has confirmed the following:
The file “sunshine-digital-downloads/vendor/grandt/relativepath/composer.phar” did exist in the previous Sunshine 2 version of the Digital Downloads add-on.
This is the current file structure for the plugin: https://share.cleanshot.com/CfczJtSk
In the “vendor” folder, there is no “grandt” folder like explained in the security report you have. It’s possible your backup system is merging the old Sunshine 2 version of folders/files with the newer Sunshine 3 version for the Digital Downloads add-on. I’m not sure – I have never seen or heard of that system which is used on your site so I don’t understand how it works.
AITpro AdminKeymasterOk so nothing to worry about then. This is/was a legitimate file and your web host scanner detected a false positive.
-
AuthorPosts
- You must be logged in to reply to this topic.